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EXAMINER'S ANSWER 



This is in response to the appeal brief filed 7/25/2006 appealing from the Office action 
mailed 2/15/2006. 
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(1) Real Party in Interest 

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial 
proceedings which will directly affect or be directly affected by or have a bearing on the 
Board's decision in the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection 
contained in the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is 
correct. 
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(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 



(8) Evidence Relied Upon 



5,357,573 


WALTERS 


10/1994 


4,200,770 


HELLMAN 


4/1980 


5,644,444 


BRAITHWAITE 


7/1997 


5,973,475 


COMBALUZIER 


10/1999 


6,792,536 


TEPPLER 


9/2004 


5460441 


HASTINGS 


10/1995 


PCT No. W09857474 


MERRIEN 


12/1998 



MacDonald, D., "Windows NT Server, Microsoft Windows NT 5.0 TCP/IP 
Implementation Details TCP/IP Protocol Stack and Services", 10/1998, obtained 
from http://asg.web.cmu.edu/orpheus/msdocs/wp/nt5tcpip.doc 

(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
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invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1, 4, 10, 13, 15, 20, 23, 25, 26, 29, and 30 are rejected under 35 U.S.C. 

103(a) as being unpatentable over Merrien (PCT No. W09857474) in view of Walters 

(U.S. Patent 5,357,573). 
Regarding Claim 1, 

Merrien discloses a processing unit connectable to a data 
communications network, the processing unit having a device reader 
(Page 8, line 34 to Page 9, line 4) for a portable storage device that 
includes storage operable to supply a network identity (Page 9, lines 18- 
23) for the processing unit and an access controller (Page 10, lines 16- 
28), the access controller being operable to prevent unauthorized reading 
and writing to the storage (Page 10, lines 16-28), the processing unit 
being operable to read the supplied network identity only after 
authentication has taken place (Page 10, lines 16-28). Merrien does not 
disclose the method of first attempting to write to the storage device and, 
only once the write has failed, to read the network identity. 

Walters, however, discloses that the processing unit is operable, 
before reading from the portable storage device, to attempt a write to the 
portable storage device, and, on determining that the write has failed, to 
read a protection code, authorizing the reading of data on the card 
(Column 4, line 62 to Column 5, line 51). It would have been obvious to 
one of ordinary skill in the art at the time of applicant's invention to 
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incorporate the memory card of Walters into the smart card system of 
Merrien in order to verify that the card input to the system was an 
approved card that could be used with the system. 
Regarding Claim 10, 

Claim 10 is a program claim that corresponds to system claim 1 
and is rejected for the same reasons. 
Regarding Claim 15, 

Claim 15 is a program on carrier medium claim that corresponds to 
system claim 1 and is rejected for the same reasons.. 
Regarding Claim 20, 

Claim 20 is a method claim that corresponds to system claim 1 and 
is rejected for the same reasons. 
Regarding Claim 25, 

Claim 25 is a system claim that is broader than system claim 1 and 
is rejected for the same reasons. 
Regarding Claim 26, 

Claim 26 is a system claim that is broader than system claim 1 and 
is rejected for the same reasons. 
Regarding Claim 4, 

Merrien as modified by Walters discloses the system of claim 1 , in 
addition, Merrien discloses that the portable storage device is a smart card 
(Page 8, line 34 to Page 9, line 4), the access controller is a 
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microcontroller (Page 12, lines 5-14), and the device reader is a smart 
card reader (Page 8, line 34 to Page 9, line 4; and Page 9, line 24 to Page 
10, line 2). 
Regarding Claim 13, 

Claim 13 is a program claim that corresponds to system claim 4 
and is rejected for the same reasons. 
Regarding Claim 23, 

Claim 23 is a method claim that corresponds to system claim 4 and 
is rejected for the same reasons. 
Regarding Claim 30, 

Claim 30 is a system claim that is broader than system claim 4 and 
is rejected for the same reasons. 
Regarding Claim 29, 

Merrien as modified by Walters discloses the device of claim 25, in 
addition, Merrien discloses that the access controller is a microcontroller 
(Page 12, lines 5-14). 

Claims 2, 11, and 21 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Merrien in view of Walters, further in view of Braithwaite (U.S. Patent 5,644,444). 
Regarding Claim 2, 

Merrien as modified by Walters discloses the system of claim 1 , in 
addition, Merrien discloses copying the supplied network identity from a 
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data carrier to a second memory location and to use the supplied network 
identity (Page 9, lines 18-23; and Page 10, lines 16-28). Walters 
discloses attempting a write to the storage of the portable storage device, 
and on determining that the write has failed, to copy data from the portable 
storage device (Column 4, line 62 to Column 5, line 21). Merrien as 
modified by Walters does not disclose the detection of a portable storage 
device upon powering up of the processing unit. 

Braithwaite, however, discloses that the processing unit is 
operable, on being powered up, to determine whether a said portable 
storage device is present in the device reader (Column 9, lines 30-41). It 
would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the write protection scheme of 
Braithwaite into the smart card system of Merrien as modified by Walters 
in order to properly detect a portable storage device so as to continue 
operations without delay. 
Regarding Claim 11, 

Claim 1 1 is a program claim that corresponds to system claim 2 
and is rejected for the same reasons. 
Regarding Claim 21, 

Claim 21 is a method claim that corresponds to system claim 2 and 
is rejected for the same reasons. 
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Claims 3, 12, 22, 27, and 28 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Merrien in view of Walters, further in view of Hellman (U.S. Patent 
4,200,770). 

Regarding Claim 3, 

Merrien as modified by Walters discloses the system of claim 1 , in 
addition, Merrien discloses that the processing unit is operable to modify 
content of the portable storage device on the condition that proper 
authentication and encryption have taken place (Page 10, lines 16-28), but 
Merrien as modified by Walters does not disclose key exchange or key-to- 
key encryption. 

Hellman, however, discloses key-to-key encryption (Column 8, line 
65 to Column 9, line 25) and a key exchange method comprising a 
transmitter that supplies a key to a receiver (Column 9, lines 7-8), and, in 
response to receipt of a return key from the receiver (Column 9, lines 9- 
10), to send an encrypted message to the receiver (Column 9, lines 20- 
23). It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the key exchange and 
encryption schemes of Hellman into the smart card system of Merrien as 
modified by Walters because Merrien discloses that any convenient or 
conventional encryption scheme may be used in the system (the 
techniques of Diffie and Hellman being quite well known at the time the 
invention was made) (Merrien, Page 18, line 26 to Page 19, line 22). 
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Regarding Claim 12, 

Claim 12 is a program claim that corresponds to system claim 3 
and is rejected for the same reasons. 
Regarding Claim 22, 

Claim 22 is a method claim that corresponds to system claim 3 and 
is rejected for the same reasons. 
Regarding Claim 27, 

Claim 27 is a system claim that is broader than system claim 3 and 
is rejected for the same reasons. 
Regarding Claim 28, 

Merrien as modified by Walters and Hellman discloses the system 
of claim 27, in addition, Merrien discloses that the access controller is 
subsequently operable to respond to an encrypted command from the 
processing unit to modify the content of the storage in the portable storage 
device (Page 10, lines 16-28). 



Claims 5, 14, 24, and 31 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Merrien in view of Walters, further in view of Windows NT Server 
(MacDonald, D., "Windows NT Server, Microsoft Windows NT 5.0 TCP/IP 
Implementation Details TCP/IP Protocol Stack and Services", 10/1998, obtained from 
http://asg.web.cmu.edu/orpheus/msdocs/wp/nt5tcpip.doc). 

Regarding Claim 5, 
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Merrien as modified by Walters does not disclose a MAC address. 

Windows NT Server, however, discloses that the network identity 
comprises a MAC address (Page 12, Paragraphs 2 and 3). It would have 
been obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate the ARP protocol of Windows NT Server into the 
smart card system of Merrien as modified by Walters in order to obtain a 
(physical) MAC address of a computer from the (logical) IP address of that 
computer. 
Regarding Claim 14, 

Claim 14 is a program claim that corresponds to system claim 5 
and is rejected for the same reasons. 
Regarding Claim 24, 

Claim 24 is a method claim that corresponds to system claim 5 and 
is rejected for the same reasons. 
Regarding Claim 31, 

Claim 31 is a system claim that is broader than system claim 5 and 
is rejected for the same reasons. 

Claims 6, 7 and 16-18 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Merrien in view of Walters, further in view of Combaluzier (U.S. 
Patent 5,973,475). 

Regarding Claim 6, 
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Merrien as modified by Walters discloses the system of claim 1 , in 
addition, Merrien discloses that the processing unit comprises circuitry to 
allow the processing unit to control functions of the processing unit (Page 
9, lines 1 1-17), but does not disclose that the circuitry is a service 
processor. 

Combaluzier, however, discloses that the processing unit 
comprises a service processor, the service processor being programmed 
to control reading of the portable storage device (Column 4, lines 22-33). 
It would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the cellular telephone of Combaluzier 
into the smart card system of Merrien as modified by Walters in order to 
identify the user and authorize the use of the cellular telephone, as well as 
perform any needed transferring of data between the portable storage 
device and the processing unit (Column 4, lines 34-55). 

Regarding Claim 16, 

Claim 16 is a program claim that corresponds to system claim 6 
and is rejected for the same reasons. 

Regarding Claim 7, 

Merrien as modified by Walters and Combaluzier discloses the 
system of claim 6, in addition, Combaluzier discloses that the service 
processor is a microcontroller (Column 4, lines 22-33). 

Regarding Claim 17, 
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Claim 17 is a program claim that corresponds to system claim 7 
and is rejected for the same reasons. 
Regarding Claim 18, 

Merrien as modified by Walters discloses the program of claim 10, 
but does not disclose that this program is run on a microcontroller. 

Combaluzier, however, discloses that the microcontroller controls 
the operations of the processing unit (Column 4, lines 22-33). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the cellular telephone of Combaluzier 
into the smart card system of Merrien as modified by Walters in order to 
identify the user and authorize the use of the cellular telephone, as well as 
perform any needed transferring of data between the portable storage 
device and the processing unit (Column 4, lines 34-55). 



Claim 8 is rejected under 35 U.S.C. 103(a) as being unpatentable over Merrien in 
view of Walters, further in view of Teppler (U.S. Patent 6,792,536). 

Merrien as modified by Walters does not disclose that the processing unit 
is a server computer. 

Teppler, however, discloses that the processing unit is a server computer 
(Column 14, lines 32-37; and Column 20, lines 7-18). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's invention to 
incorporate the smart card system of Teppler into the smart card system of 
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Merrien as modified by Walters in order to provide much interoperability and to 
ensure that secure messaging is done within a protected server security 
perimeter. 

Claim 9 is rejected under 35 U.S.C. 103(a) as being unpatentable over Merrien in 
view of Walters, further in view of Hastings (U.S. Patent 5,460,441). 

Merrien as modified by Walters does not disclose that the processing unit 
is a rack mountable computer server. 

Hastings, however, discloses that the processing unit is a rack mountable 
computer server (Column 3, line 48 to Column 4, line 17). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's invention to 
incorporate the server rack system of Hastings into the smart card system of 
Merrien as modified by Walters in order to have the server(s) disposed in a 
unique manner so as to provide substantially improved access thereto. 



Claim 19 is rejected under 35 U.S.C. 103(a) as being unpatentable over Merrien 
in view of Walters and Combaluzier, further in view of Teppler. 

Merrien as modified by Walters and Combaluzier discloses the 
microcontroller comprising a control program as in claim 18, in addition, 
Combaluzier discloses that the microcontroller is operable as a service processor 
and connected to read the content of storage in a portable storage device 
mounted in the portable storage device (Column 4, lines 22-33). Merrien as 
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modified by Walters and Combaluzier does not disclose that the processing unit 
is a server computer. 

Teppler, however, discloses that the processing unit is a server computer 
(Column 14, lines 32-37; and Column 20, lines 7-18). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's invention to 
incorporate the smart card system of Teppler into the smart card system of 
Merrien as modified by Walters and Combaluzier in order to provide much 
interoperability and to ensure that secure messaging is done within a protected 
server security perimeter. 

(10) Response to Argument 

Appellant argues, with respect to claim 1, that there is no suggestion or 
motivation to combine the references (referring to Merrien in view of Walters). This 
motivation ("to verify that the card input to the system was an approved card that could 
be used with the system") is, indeed, found in Walters. Column 2, lines 31-35 describe 
how only the proper (approved) memory card can be used for a particular application in 
that "Also if the protected program is copied to another memory card, it is not 
executable, as the comparison code contained within the protection routine does not 
concur with the protection code on the new memory card." Column 2, line 60 to Column 
3, line 3 describe how it is verified that the card is an approved card that can be used 
with the system, in that "The program to be protected contains a special protection 
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routine, which accesses the protection code and only executes the application program 
if the protection code is read correctly, i.e. when an authorised memory card is used." 
Such motivation is found in other portions of Walters as well. 

Appellant also argues, with respect to claim 1 , that there is no teaching either in 
the references cited or the prior art to show how to combine the elements of Merrien 
with the elements of Walters to produce the claimed invention. This is seen throughout 
Walters. Column 5, lines 18-21 describe the protection routine as first attempting a 
write to the area of memory that includes the protection code, and subsequently reading 
the protection code when the write fails, in that "This routine will initially attempt to write 
to this memory area. When this does not succeed the protection code will be read to 
guarantee that it is dealing with a functional protection code." Column 2, line 67 to 
Column 3, as quoted above, show how a program will be read and executed from the 
memory card only when the protection routine has completed correctly. Column 1, lines 
62-66, for example, teach that any data can be stored on the memory card, read, and 
used once the memory card is found to be authorised, in that "It is an object of the 
present invention to provide a memory card for PCs which protects against 
unauthorised copying of data and programs saved on the memory card and which also 
prevents unauthorised use of such data and programs." As is clear from these sections, 
as well as others, the protection routine will first be performed (attempting a write to the 
protection code area of memory and subsequent reading and authorising of said 
protection code), and only upon completion of this protection routine indicating that the 
memory card (and possibly device/reader, as shown in Column 4, line 62 to Column 5, 
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line 9) is an authorised memory card will reading of data stored on the memory card be 
allowed to proceed. The data that is read after the card is determine to be authorised 
comprises the data stored on the memory card in Merrien, being at least a network 
identity (address). 

Appellant also argues, with respect to claim 1 , that Merrien and Walters teach 
away from each other in that the protection code of Walters is strictly for internal use to 
ensure that copying or use of software is authorised and, by making this code public, 
such as by using it as a network identity, would jeopardize the security of the code and 
thus undermine the security scheme disclosed by Walters. If the combination of 
Merrien in view of Walters used the network identity (of Merrien) as the protection code 
(of Walters), perhaps there would be basis for this argument. However, as stated 
multiple times previously, the network identity and protection code are entirely separate 
pieces of data stored in different locations of the storage device. The only conclusion 
that the examiner can come to regarding this argument remaining is that appellant 
believes the claims to recite that the network identity is stored within the region of 
storage for which a write is attempted. This is not the case, however, since none of the 
claims include such a limitation. What the claims require is that the storage device 
stores a network identity, an attempt to write to the storage of the storage device is 
performed and, if this write has failed, the network identity is read. As described above, 
below, and in previous responses, the protection code and routine of Walters is used to 
verify that the memory card is an authorised one, and only once the authorisation 
routine has completed successfully (indicating an authorised memory card) will access 



Application/Control Number: 09/930, 1 1 3 Page 1 7 

Art Unit: 2137 

to other data stored on the card be allowed (other data being at least the address of 
Merrien). 

Appellant also argues, with respect to claim 1 , that there is no teaching or 
suggestion in Walters that verification of the protection code permits the reading of 
arbitrary data (i.e., data other than the executed software, such as the network identity 
of Merrien) from the card. As seen throughout Walters, verification of the protection 
code (and, thus, authorisation of the memory card) allows the reading of arbitrary data 
from the card. Column 1 , lines 62-66, for example, teach this in that "It is an object of 
the present invention to provide a memory card for PCs which protects against 
unauthorised copying of data and programs saved on the memory card and which also 
prevents unauthorised use of such data and programs." As can clearly be seen by this 
section, Walters protects against unauthorised copying and use of data and programs. 
Column 2, lines 8-12 of Walters explicitly teaches that the protection code is used to 
prevent unauthorised use of data, in that "By means of a non-changeable and read-only 
protection code contained or stored in the memory card a reliable protection against 
unauthorised use of programs and data stored in the memory card is guaranteed." 
Claim 1 of Walters also teaches that the memory contains data as well as programs: 
"read-write memory means for storing data and application programs". 

Regarding claims 2-31, appellant has provided no additional arguments other 
than reliance on those used with respect to claim 1 . 



(11) Related Proceeding(s) Appendix 
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No decision rendered by a court or the Board is identified by the examiner in the 
Related Appeals and Interferences section of this examiner's answer. 

For the above reasons, it is believed that the rejections should be sustained. 
Respectfully submitted, 
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